package com.tedu.food.common.config;
import java.util.LinkedHashMap;

import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SpringShiroConfig {
	/**
	 * 会话Session配置实现
	 * @return
	 */
	@Bean   
	public SessionManager sessionManager() {
			 DefaultWebSessionManager sManager=
					 new DefaultWebSessionManager();
			 sManager.setGlobalSessionTimeout(60*60*1000);
			 return sManager;
    }

	@Bean
	public SecurityManager securityManager(
			Realm realm) {
		DefaultWebSecurityManager sManager=
				new DefaultWebSecurityManager();
		sManager.setRealm(realm);
		return sManager;
	}
	/**
	 * 配置ShiroFilterFactoryBean对象，通过此对象
	 * 创建过滤器工厂，并指定过滤规则
	 * @param securityManager
	 * @return
	 */
	@Bean
	public ShiroFilterFactoryBean shiroFilterFactory (
			SecurityManager securityManager) {
		ShiroFilterFactoryBean sfBean=
				new ShiroFilterFactoryBean();
		sfBean.setSecurityManager(securityManager);
		sfBean.setLoginUrl("/login2");
		//定义map指定请求过滤规则(哪些资源允许匿名访问,哪些必须认证访问)
		LinkedHashMap<String,String> map=
		new LinkedHashMap<>();
		//静态资源允许匿名访问:"anon"
		map.put("/bower_components/**","anon");
		map.put("/build/**","anon");//anno
		map.put("/dist/**","anon");
		map.put("/css/**", "anon");
		map.put("/js/**", "anon");
		map.put("/plugins/**","anon");
		map.put("/doLogout","logout");
		map.put("/doLogin", "anon");
		map.put("/register", "anon");
		map.put("/dovalidatePhone", "anon");
		map.put("/dovalidateUsername", "anon");
		map.put("/doSaveObject", "anon");
		map.put("/login2", "anon");
		
		//除了匿名访问的资源,其它都要认证("authc")后访问
		map.put("/**","authc");
		//map.put("/**","user");//记住我时将authc改为user
		sfBean.setFilterChainDefinitionMap(map);
		return sfBean;
	}
	
	
}














